At 10:22 AM -0600 11/1/04, NetHead wrote:
>I suspect that somehow the addresses on my mail server have been
>compromised. I have been getting a flood of worm-laden messages, many of
>them showing "FROM:" addresses on our mail server. I wouldn't think much
>of it normally; I'm well aware of the various worms that will hijack the
>address book on an infected computer and use those for forge the "FROM:"
>header. But today I saw one from a brand new e-mail address that has not
>been used yet (at least not to my knowledge).
>
>If I wanted to scour my mail logs for "harvesting" attempts, what key
>words should I use in the filters?